I have two firewalls running OpenBSD 5.1 with a 5.2 kernel amd64. I am
running the 5.2 kernel because of another, unrelated bug. I have 4
ethernet interfaces (em0-4). em0 and em1 are in a failover trunk mode on
trunk0 while em2 and em3 are members of trunk1 in failover mode. On
trunk0, I have
Hi,
just wanted to let you know that the problematic IP it is working to
now and no problems has been seen in the last 16-18 hours.
Problem vanished while trying to figure out the root cause.
-Michael
On Tue, 09 Aug 2011 17:39:54 +0200, Michael Lechtermann wrote:
Hi,
# ifconfig carp0
Hi all,
we are having some issues with CARP. One IP of three configured is
causing trouble. The systems are running OpenBSD 4.9-release.
Description:
IP 10.0.1.9 and 10.0.1.13 are working just fine, however, sometimes it
isn't possible to connect using IP 10.0.1.12.
Destroying the
Le Tue, 09 Aug 2011 15:29:17 +0200,
Michael Lechtermann mich...@lechtermann.net a icrit :
Hi all,
hello,
# ifconfig carp0
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:0a
priority: 0
carp: carpdev em0 advbase 1
Hi,
# ifconfig carp0
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:0a
priority: 0
carp: carpdev em0 advbase 1 balancing ip-stealth carppeer
10.0.1.11
state MASTER vhid 10 advskew 0
state
Hi,
On Tue, 06.01.2009 at 17:11:45 -0600, Jon Slusher jslus...@opinionlab.com
wrote:
and for some reason it tried to take over as the MASTER, while its CARP
a shot in the dark: Are you sure that CARP traffic flows freely between
the two firewalls, and that they both have the same password?
don't see anything useful in the
man page on this. Is there something I'm missing?
Thanks alot for taking the time to reply.
Jon
--
View this message in context:
http://www.nabble.com/CARP-issues-4.3-tp21322265p21336067.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Yesterday, while troubleshooting a rdr on the pair of openBSD 4.3
firewalls we use here I discovered there was a rule that required a
particular IP to be listed as an alias on the WAN interface. I used
ifconfig to add the alias to the interface and this brought our network
down. I didn't
On Fri, Jun 20 2008 at 48:12, Chris Naselli wrote:
Hi all!
Hi,
[...]
OpenOSPFD have the following configuration:
area 0.0.0.0 {
interface em0 # carped with carp0
interface em1 # carped with carp1
interface carp2
}
In this topology I found a problem: OpenOSPF
and thanks in advance.
Best wishes,
Chris
--
View this message in context:
http://www.nabble.com/OpenOSPF-routing-and-CARP-issues-%28-%29-tp18036287p18036287.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
* Steven S [EMAIL PROTECTED] [2006-06-03 02:01]:
The self inflicted issue came when I added an alias IP to FW1:carp0 but not
yet to FW2:carp0. Both FW1 and FW2 became master for the interface, until I
added the alias to FW2.
that can lead to master-master situations unfortunately. not too
Steven S wrote:
It would appear my issues are related to timekeeping on these boxes
(Compaq DL360 G1).
If I bump advbase to '3' on each box everything is more stable.
Given this, I now have a roughly 10 second fail-over time, but that
is still acceptable.
Since these are production
It would appear my issues are related to timekeeping on these boxes (Compaq
DL360 G1).
If I bump advbase to '3' on each box everything is more stable. Given this,
I now have a roughly 10 second fail-over time, but that is still acceptable.
Since these are production boxes I'll probably wait
Joachim Schipper wrote:
Using NTPDATE in cron (30 minutes), I was able to handle this weird
behavior.
Take a look in your date/time, maybe it's the reason of your strange
carp issues.
As to problems with adjtime(2) and SMP machines, there is a small
diff from tedu@ on tech@ at
http
On Sat, Mar 18, 2006 at 02:28:24PM -0500, Steven S wrote:
Joachim Schipper wrote:
Using NTPDATE in cron (30 minutes), I was able to handle this weird
behavior.
Take a look in your date/time, maybe it's the reason of your strange
carp issues.
As to problems with adjtime(2
/time, maybe it's the reason of your strange
carp issues.
[]'s
Nadal
Bryan Irvine wrote:
Thought so. Had the same problem. Never got them working with
CARP.
There's some threads in the archives, but they probably won't help
since there is apparently no solution.
--Bryan
On 3/15/06
Anderson Nadal wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello.
I have the same problem.
...
Take a look in your date/time, maybe it's the reason of your strange
carp issues.
...
I thought of that too. If time changed by a couple seconds on the backup
server
On 3/17/06, Steven S [EMAIL PROTECTED] wrote:
Anderson Nadal wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello.
I have the same problem.
...
Take a look in your date/time, maybe it's the reason of your strange
carp issues.
...
I thought of that too. If time
Bryan Irvine wrote:
I tried before with 2 quad cards to no avail. That was under 3.6
though IIRC. 1 or 2 if's would fail over within a couple of hours,
but if left to it's own devices, eventually they all would.
If you do figure something out lemme know, I'd love to go back to the
quad
* Steven S [EMAIL PROTECTED] [2006-03-17 19:10]:
beginning to think it might be a component of the number of carp interfaces
unlikely.
[EMAIL PROTECTED] $ ifconfig | grep '^carp' | wc -l
15
and growing.
and yes, that is real-world production use.
--
BS Web Services,
Henning Brauer wrote:
* Steven S [EMAIL PROTECTED] [2006-03-17 19:10]:
beginning to think it might be a component of the number of carp
interfaces
unlikely.
[EMAIL PROTECTED] $ ifconfig | grep '^carp' | wc -l
15
and growing.
and yes, that is real-world production use.
How do you
On Fri, Mar 17, 2006 at 07:59:35PM +0100, Henning Brauer wrote:
* Steven S [EMAIL PROTECTED] [2006-03-17 19:10]:
beginning to think it might be a component of the number of carp interfaces
unlikely.
[EMAIL PROTECTED] $ ifconfig | grep '^carp' | wc -l
15
and growing.
and yes,
Adam D. Morley wrote:
...
Have you checked:
- carp settings in sysctl?
- carp pass rules (and ordering) in pf.conf (if you have default
deny)?
- that you have advskew set right on the backup firewall?
# grep carp /etc/sysctl.conf
net.inet.carp.allow=1 # allow incoming CARP
On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
Adam D. Morley wrote:
...
Have you checked:
- carp settings in sysctl?
- carp pass rules (and ordering) in pf.conf (if you have default
deny)?
- that you have advskew set right on the backup firewall?
# grep carp
* Steven S [EMAIL PROTECTED] [2006-03-17 20:23]:
Henning Brauer wrote:
* Steven S [EMAIL PROTECTED] [2006-03-17 19:10]:
beginning to think it might be a component of the number of carp
interfaces
unlikely.
[EMAIL PROTECTED] $ ifconfig | grep '^carp' | wc -l
15
and
Adam D. Morley wrote:
On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
Adam D. Morley wrote:
...
Thanks, this is helpful. The settings on the FW's are as above. An
incorrect setting (above) would seem to make it not work -- as
opposed to
Ok. But mine works and yours doesn't?
On 3/17/06, Adam D. Morley [EMAIL PROTECTED] wrote:
As another experiment I moved advbase on FW2 to '2' for all carps, but the
base is how often. skew is priority.
No, advbase is integer seconds between advertisements, advskew is
fractional seconds. Taken together, advbase and advskew are
minutes), I was able to handle this weird
behavior.
Take a look in your date/time, maybe it's the reason of your strange
carp issues.
As to problems with adjtime(2) and SMP machines, there is a small diff
from tedu@ on tech@ at
http://marc.theaimsgroup.com/?l=openbsd-techm=113592306900483w=2
On Fri, Mar 17, 2006 at 12:48:49PM -0800, Jon Simola wrote:
On 3/17/06, Adam D. Morley [EMAIL PROTECTED] wrote:
As another experiment I moved advbase on FW2 to '2' for all carps, but the
base is how often. skew is priority.
No, advbase is integer seconds between advertisements,
On Fri, Mar 17, 2006 at 03:41:01PM -0500, Steven S wrote:
Adam D. Morley wrote:
On Fri, Mar 17, 2006 at 02:35:55PM -0500, Steven S wrote:
Adam D. Morley wrote:
...
Thanks, this is helpful. The settings on the FW's are as above. An
incorrect setting (above) would seem to make it not
I have two firewalls (FW1 FW2) with multiple carp interfaces on an
external interface (carp1, carp12, carp14, carp15, carp16, carp17, carp18,
carp19, carp20). FW1 has all carp interfaces set with advbase 1 advskew 0
and FW2 has all carp interfaces with advbase 1 advskew 180. Frequently FW2
I don't suppose you are using a quad card of some kind are you?
On 3/15/06, Steven S [EMAIL PROTECTED] wrote:
I have two firewalls (FW1 FW2) with multiple carp interfaces on an
external interface (carp1, carp12, carp14, carp15, carp16, carp17, carp18,
carp19, carp20). FW1 has all carp
32 matches
Mail list logo
